[每日信息流] 2026-02-25 #1159
Description
每日安全资讯(2026-02-25)
- SecWiki News
- Doonsec's feed
- Claude Code Security会给网络安全行业带来什么改变?
- 【0day】东胜物流软件 HtmlSearchServiceLCL.aspx SQL注入漏洞
- 【0day】东胜物流软件 CrmProxyMailListHtmlGridSource.aspx SQL注入漏洞
- stored RCE?:AI代码审计到底怎样?
- 策马扬鞭启新程·安智云端新领航|渝融云2026开工仪式圆满举行
- 国内某知名AI现严重漏洞,可被绕过生成暴露图片
- 朝鲜黑客组织使用美杜莎勒索软件进行敛财
- 大模型蒸馏攻击
- 无声处见惊雷:从《惊蛰无声》电影看当代网络安全攻防技术演进
- 文字推荐 ——走在安全前沿的 蓝队AI
- 威胁设计器:用于安全系统设计的 AI 驱动型威胁建模
- 智能驾驶行业专题报告:AI应用重要阵地,Robotaxi还看中国
- 盘点:2025年银行AI战略、组织机构、行动计划等
- 上海华瑞银行2026年AI特殊人才外包技术服务资源项目采购供应商招募
- 【渗透工具】——PYDNS扫描器
- BurpSuite插件 | Xia Sql二开 SQL注入扫描神器!
- 一个字节缺失,转账金额放大256倍:短地址攻击的数学魔术
- 我们加入微博啦!
- Microsoft Security Blog
- Private Feed for M09Ic
- WAY29 starred Lakr233/AssppWeb
- joaoviictorti starred EFForg/apkeep
- 0xbug starred MemeCalculate/moyin-creator
- bolucat released 202602242011 at bolucat/Archive
- PrefectHQ released 3.6.19 at PrefectHQ/prefect
- mgeeky starred 0xv1n/LOLGlobs
- CHYbeta starred spaceraccoon/vulnerability-spoiler-alert-action
- liamg contributed to infracost/go-proto
- liamg starred owenrumney/go-lsp
- OpenAEV-Platform released 2.2.0 at OpenAEV-Platform/openaev
- WAY29 starred marticliment/UniGetUI
- zeroclaw-labs released v0.1.7 at zeroclaw-labs/zeroclaw
- PrefectHQ released 3.6.19.dev3 at PrefectHQ/prefect
- anthropics released v2.1.52 at anthropics/claude-code
- gh0stkey starred zeroclaw-labs/zeroclaw
- usestrix released v0.8.2 at usestrix/strix
- gh0stkey starred gleam-lang/gleam
- Recent Commits to cve:main
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Tenable Blog
- Malwarebytes
- VMRay
- GuidePoint Security
- Reverse Engineering
- ROP the ROM: Exploiting a Stack Buffer Overflow on STM32H5 in Multiple Ways
- How to extract the firmware and convert the binary to ELF on a ESP32-PICO based water sensor device.
- Reverse Engineering Practice part- Quicksurface
- Reverse Engineering VW window switch- Quicksurface
- Writing a game hacking birdfeeder for fun and...fun
- Reverse Engineering Practice part Geomagic
- daniel.haxx.se
- Checkmarx
- 奇客Solidot–传递最新科技情报
- 绿盟科技技术博客
- 安全分析与研究
- 锦行科技
- 黑鸟
- 威努特安全网络
- 三欢师哥
- 天御攻防实验室
- RapidDNS
- 安全研究GoSSIP
- 丁爸 情报分析师的工具箱
- 全频带阻塞干扰
- 安全圈
- 中国信息安全
- 天黑说嘿话
- 火线安全平台
- 默安科技
- 电子物证
- 安全牛
- 慢雾科技
- 数世咨询
- 阿里安全响应中心
- 火绒安全
- 极客公园
- 吴鲁加
- 嘶吼专业版
- 360数字安全
- 迪哥讲事
- 安全行者老霍
- 看雪学苑
- TrustedSec
- 情报分析师
- Securityinfo.it
- Over Security - Cybersecurity news aggregator
- In Iran la sorveglianza digitale va a caccia di manifestanti
- ACN: a gennaio aumenta la capacità di monitoraggio e notifica da parte del CSIRT
- NordVPN: offerta di compleanno con sconto del 76% sui piani di 2 anni e 3 mesi sono extra
- Former L3Harris Trenchant boss jailed for selling hacking tools to Russian broker
- Wynn Resorts confirms employee data breach after extortion threat
- US sanctions Russian exploit broker for buying cyber tools stolen from defense contractor
- 1Campaign platform helps malicious Google ads evade detection
- Phishing operation with links to Russia, Armenia compromised Western cargo companies, researchers find
- Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor
- CarGurus data breach exposes information of 12.4 million accounts
- Android Deep Dive: Implicit Intents
- Android Deep Dive: Deep and App Linking
- Android Deserialization Deep Dive
- CVE-2025-25362: Old Vulnerabilities, New Victims – Breaking LLM Prompts with SSTI
- Lessons from a Blue Team failure
- 🇮🇹 Conosciamo Edoardo Ottavianelli – Penetration Tester
- CVE-2025-47943: Stored XSS in Gogs via PDF
- Introduction to OPSEC (Part 2)
- Ghostwire: a clear, lightweight Docker toolkit for Web, networking, and Active Directory.
- CVE-2025-67511: Tricking a Security AI Agent Into Pwning Itself
- US ‘committed’ to fighting transnational gangs behind Southeast Asian scam compounds: FBI
- Microsoft adds Copilot data controls to all storage locations
- Sandworm_Mode: il “worm” della supply chain NPM
- Crypto platform Step Finance shutting down after $40 million theft
- Reddit fined $20 million by UK for not effectively checking users’ ages
- Identity-First AI Security: Why CISOs Must Add Intent to the Equation
- UK fines Reddit $19 million for using children’s data unlawfully
- NightBeacon: Rapid Deployment of AI Capabilities
- Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals
- UAE claims it stopped ‘terrorist’ ransomware attack
- PromptSpy e l’ingresso della GenAI nel malware per Android
- Critical SolarWinds Serv-U flaws offer root access to servers
- ShinyHunters extortion gang claims Odido breach affecting millions
- North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East
- North Korean Lazarus group linked to Medusa ransomware attacks
- Commercial Airline Industry Sees Sustained Scam and Impersonation Activity in 2026
- Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences
- Whaling e CEO Fraud: perché il pesce grosso è il più facile da pescare
- La NIS 2 non necessita di documenti: richiede governo
- AI Content Generation Systems Face Global Pressure Over Privacy and Deepfake Risks
- SURXRAT: Android RAT Downloads Large LLM Module from Hugging Face to Impact Device Performance
- Ransomware Attack on Langley Twigg Law: Updates, Official Statements and Reconstruction of Events According to Anubis
- bellingcat
- ICT Security Magazine
- Diritto dell'Informatica
- IntelTechniques Blog
- CNVD漏洞平台
- Schneier on Security
- SANS Internet Storm Center, InfoCON: green
- Tor Project blog
- netsecstudents: Subreddit for students studying Network Security and its related subjects
- The Register - Security
- AI has gotten good at finding bugs, not so good at swatting them
- Patch these 4 critical, make-me-root SolarWinds bugs ASAP
- North Korea's Lazarus Group targets healthcare orgs with Medusa ransomware
- Go library maintainer brands GitHub's Dependabot a 'noise machine'
- UK data watchdog fines Reddit £14.47M for letting kids slip past the gate
- Korean cops charge teens over bike hire breach that exposed data on 4.62M riders
- UK tech hit by double trouble: Fewer foreign techies amid skills squeeze
- Euro allies aiming to rapidly build low-cost air defense weapons
- Social Engineering
- Instapaper: Unread
- The Hacker News
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
- UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
- Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
- Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
- UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
- Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
- Technical Information Security Content & Discussion
- Chrome CVE made me go digging and I found a container image in prod that hasn't been updated since 2023
- Using Passkeys for more than just Auth
- Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 – Mozilla Hacks - the Web developer blog
- ROP the ROM: Exploiting a Stack Buffer Overflow on STM32H5 in Multiple Ways
- AI Agent Threat Intel (Feb 2026 month to date): Tool chain escalation displaces instruction override as #1 technique, agent-targeting attacks hit 26.4% - 91K production interactions
- Troy Hunt's Blog
- Information Security
- Should I be concerned about the information rebate apps have?
- System Stability and Performance Analysis
- PlugOS: Rethinking Mobile Security by Decoupling the Secure OS from Smartphone Hardware
- How are you securely monitoring and managing Windows devices remotely?
- Overwhelmed with the Microsoft Learning resources
- TorrentFreak
- Computer Forensics
- Deep Web
- Your Open Hacker Community
- Deeplinks
- Security Affairs
- SolarWinds patches four critical Serv-U flaws enabling root access
- VMware Aria Operations flaws could enable remote attacks
- Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign
- Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
- Everest ransomware hits Vikor Scientific ‘s supplier, data of 140,000 patients stolen
- Security Weekly Podcast Network (Audio)